The emergence of third party's account open platforms enable expanded services and applications to a much bigger user population with much simplified login mechanisms and convenience. More specifically, third party's account open platforms remove a requirement that each individual user must first establish an account before logging in to subscribe a service or application belonging to a service provider or merchant. Instead, any user may login to use services from other service providers or merchants, by simply sharing and authorizing in advance, the user's own account login information through a mechanism called third party's account open platform authorizations.
Such convenience and login mechanisms, however, have also become a target for cyber hacking to steal a high volume of users account information, which a successful hacking effort to steal a user's account information of one service provider or merchant may lead to a chain of collateral damages to the same user in other service providers which have been authorized to login through the third party's account open platform mechanism.
One conventional login mechanism in accessing a certain service provider utilizing third party's account open platform is through an embedded login service, which a user may jump to login at a third party's account page. Once the login is successful, the third party's account open platform may enquire the user to authorize the current service. Once user's authorization is obtained, the third party account open platform may synchronize the information corresponding to the granted authority to the current service provider, and the current service provider is simultaneously associated and logged in to the user's account on the third party account open platform.
When logging in to a certain service provider, a third party account open platform may assure a login security merely by means of account verification, and once the third party account is stolen by a cyber-hackler, other service providers associated with the stolen account may also be attacked along with it. The account security offered by the third party account open platform may therefore be insufficient in protecting users.